‘Colossal,’ ‘devastating’ cyber attack on Miami company


Recently a major gas pipeline and a major meat producer in the US were taken down by ransomware attacks. Now, we have a new assault, CNet reports. This time the hackers hit a Miami-based company that provides tech-management tools to organizations worldwide.

Hundreds of companies, including a railway, pharmacy chain, and grocery chain in Sweden, have reportedly been affected by the attack on software company Kaseya.

Information technology company Kaseya warned 40,000 clients that there was a “potential attack” on its VSA tool, which is used to manage computers remotely.

The company posted a security advisory to its help desk site, urging customers to immediately shut down their servers running the service.

Most authorities believe the same group of criminals behind the attack on JBS Meats engineered the current assault.

Huntress Labs’ John Hammond told NPR that this was “a colossal and devastating supply chain attack.” He suspects a major ransomware syndicate, the REvil gang, was behind the attack. REvil largely works out of Russia and nothing goes on in Russia without Putin’s approval.

Biden just met with Putin in Geneva warning him against the cyber attacks. Given Biden’s mental state, that was more like an invitation to attack.

Biden has done nothing about the attacks so far and that means these attacks are guaranteed to get worse. He did launch an investigation into this latest attack.

The cybercriminals sent two different ransom notes: one for $50,000 to smaller companies and one for $5 million to larger organizations.

“It is absolutely the biggest non-nation state supply-chain cyberattack that we’ve ever seen,” Allan Liska, a researcher with the cybersecurity firm Recorded Future, told the Washington Post. “And it’s probably the biggest ransomware attack we’ve seen, at least the biggest since WannaCry.”

While Kaseya says that only 40 direct customers had been affected, one cybersecurity company identified eight managed service providers (MSPs) with more than 200 clients whose networks were partially or completely shut down.

Cybersecurity researcher Jake Williams, president of Rendition Infosec, told NPR that the attack was likely timed to coincide with the 4th of July holiday when IT staffs are typically thin. “There’s zero doubt in my mind that the timing here was intentional,” he said.

Washington Post:

Ransomware attacks increased significantly in frequency and severity during 2020. A report from a task force of more than 60 experts said nearly 2,400 governments, health-care systems and schools in the country were hit by ransomware in 2020. Organizations paid attackers more than $412 million in ransoms last year, according to the analysis firm Chainalysis.

After a May attack on Colonial Pipeline — which led to panicked lines at gas pumps and empty fuel stations — the U.S. government increased its emphasis on addressing cybersecurity issues and urged corporate America to strengthen its computer security.

Ransomware attacks have been on the rise as hackers band together and form cybercriminal gangs to extort companies for payment. The attacks are often carried out by attackers in Russia and Eastern Europe.

It’s unclear how the hackers originally gained access to Kaseya’s systems, but the company has been a frequent target of criminal gangs because it represents an access point for tens of thousands of companies.
